in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Michaud Case In Playpen Hack Gets Dropped By Feds

One of the most controversial US legal actions in the past couple of years, arguably, is the FBI's approach in arresting hundreds of child pornographers who were frequenting a site in the Dark Web. Because surfing the nether regions of the internet requires the use of a special, secure browser called Tor, the FBI exploited a weakness in the Tor browser to identify the site's frequenters.
The security flaw remains a closely guarded secret, unknown outside specific law enforcement circles. While the FBI is loath to classify it as such, making use of the flaw has the underpinnings of a malware installation. The authorities prefer to call it a "network investigative technique" (NIT). Needless to say, there's a debate on the legality of exploiting the security loophole.
More than 100 people are being prosecuted as part of the FBI's sting operation. One of them was Jay Michaud, whose case is possibly the first to have spotlighted the situation. Yesterday, the Department of Justice announced that they are dropping their case against Michaud, whose lawyers strongly contested the legality of the FBI's tactics. Not surprisingly, this latest development is attracting controversy as well.  

Drop Charges vs. Reveal Exploit

Why did the DOJ drop their case against Michaud? As the prosecutor for the DOJ noted, to avoid disclosing how the NIT works:
"The government must now choose between disclosure of classified information and dismissal of its indictment," Annette Hayes, a federal prosecutor, wrote in a court filing on Friday. "Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery."
In May 2016, the judge overseeing the case ordered the government to reveal the source code behind the NIT.
This week, the government has decided that letting a "suspected" child pornographer go – possibly temporarily; dismissing a case "without prejudice" means that the same case can be brought back in front of a judge – is a better deal than revealing how the FBI is doing what they do. This decision has caused a lot of talk and speculation, including:
  • The NIT is used extensively in everything, including foreign spying. They're letting the small fish go so they can keep pursuing the really big fish.
  • The FBI and DOJ don't know what they're doing: what is the use of a tool that lets criminals walk because of the same tool that led to their identification and arrest?
  • The guys behind the Tor browser will find the security flaw before the statute of limitations runs out. The government can then reveal the flaw they exploited and once again pursue their cases.
They all sound plausible, but that last one sounds like a pretty good strategy because, when it comes to child porn, there is no federal statute of limitations (and supposedly the majority of such cases are prosecuted at the federal level). In other words, the government could wait as long as necessary before bringing Michaud to court, be it a month or a decade.
They could even pursue other cases, possibly set precedent that benefits the DOJ, and come back for Michaud.
In the meantime, over 100 people have pleaded guilty to charges related to child porn regardless of the legal status of the NIT– and, the thinking probably goes, even more will do so down the line, as long as the NIT can be used. In which case, it's obvious that the DOJ knows exactly what it is doing.
 
Related Articles and Sites:
https://arstechnica.com/tech-policy/2017/03/doj-drops-case-against-child-porn-suspect-rather-than-disclose-fbi-hack
https://www.federalcharges.com/child-pornography-laws-charges/
 
<Previous Next>

Data Breach Results In Loss Of $350 Million in Yahoo-Verizon Deal

WikiLeaks Shows That Encryption Works, Even Against Spooks

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.